, Professor Peter Swire
examines the proposed cybersecurity legislation. In “Moving too fast on cybersecurity
,” he stresses, “We should be very cautious about passing cybersecurity legislation this year.”
A few highlights from the piece:
The Senate bills and the Precise Act, especially its subcommittee version, have run into opposition from major industry actors who question whether such rules would achieve their intended goal of responding to fast-changing cybersecurity attacks. Complying with such rules will impede innovation, both in general and for cybersecurity itself.
[Concerning the proposed act, CISPA:]
The overly broad definitions, however, still exist. They enable companies to share detailed information about their customers with the government and other companies — without telling their customers, and without a close link to actual cyber threats.
Of even more concern, CISPA would encourage this sharing of personal information “notwithstanding any other provision of law.” That means wiretap laws, medical privacy laws and all other privacy laws will be trumped whenever there is “information sharing” concerning a “cyber threat.” And, once the private information is shared, there are no significant limits on how the recipients reuse or redisclose the information.
In conclusion, the cybersecurity bills before Congress are not likely to significantly improve cybersecurity, might actually undermine it while impeding technological innovation and could pose serious threats to long-established privacy and civil-liberty protections.
Read the full piece here: Moving Too Fast on Cybersecurity
Peter P. Swire
is the C. William O’Neill Professor of Law at the Moritz College of Law of the Ohio State University. He is recognized internationally as an expert in the fields of privacy, computer security, and the law of cyberspace.
Professor Swire has been a policy official in the White House under both Presidents Obama and Clinton. In the Obama administration, he was centrally involved in the reform process for the government sponsored enterprises Fannie Mae and Freddie Mac. Additionally, he was the lead person at the NEC on technology issues, including broadband, spectrum, privacy and cybersecurity, and net neutrality. In the Clinton Administration, he coordinated Administration policy on the use of personal information in the public and private sectors, and served as point of contact with privacy and data protection officials in other countries. He was also White House coordinator for the proposed and final HIPAA medical privacy rules, and played a leading role on topics including financial privacy, Internet privacy, encryption, public records and privacy, ecommerce policy, and computer security and privacy.
In an op-ed piece for